search: filter sub-repo perms in run.Aggregator
There are no commits yet
Push commits to the source branch or add previously merged commits to review them.
Created by: bobheadxi
Closes #27139 (closed) - alternative approach to #27012 (see update in RFC 503)
Filters sub-repo perms in the results Aggregator, used by both streaming and graphql search. The entire check is omitted if the enableSubRepoPerms
site config is not enabled.
Also see https://github.com/sourcegraph/sourcegraph/pull/27189#issuecomment-967300062 for closing remarks
From my understanding of the search API code:
streamHandler
, which uses graphqlbackend.NewSearchImplementer => searchResolver
. The search implementer providers a resovler via Results()
that is used to get results for streaming.SearchResultsResolver
from the searchResolver
is also used in the search GraphQL APIresultsBatch
or resultsStreaming
, both of which use resultsRecursive
, which seems to handle doing things to the query until we get a newResult
from evaluate()
evaluate()
, the code branches off into a bunch of different things againFrom this understanding:
resultsRecursive
is the right thing to do, so I've gone ahead and drafted what this might look like here. Another idea could be placing it in searchResolver.Results()
.
We don't have docs yet, but some details about SubRepoPermsClient
:
Read
immediatelySubRepoPermsClient
(https://github.com/sourcegraph/sourcegraph/issues/26663)
Push commits to the source branch or add previously merged commits to review them.